hacks4sale.com - Trojan dropper


JesusSpork

I downloaded the demo software at www.hacks4sale.com b/c I was going to try & crack it. While installing, it dropped ods.exe, stm.exe, msn.exe, iexplorer.exe, and ICSharpCode.SharpZipLib.dll into the Internet Explorer directory; they had the attributes of System files and were hidden.

Also, the demo doesn't do anything. I opened it in Reflector after unpacking; here's a bit of it:

box.Text = (box.Text & "Activated" & ChrW(13) & ChrW(10))
Thread.Sleep(2000)
box = Me.TextBox7
box.Text = (box.Text & "Connected to database!" & ChrW(13) & ChrW(10))
box = Me.TextBox7
box.Text = (box.Text & "Database dropped connection, retry in 2#" & ChrW(13) & ChrW(10))
Thread.Sleep(200)
box = Me.TextBox7
box.Text = (box.Text & "Connected to database!" & ChrW(13)

The original is protected with .NET Reactor, so I included the unpacked copy. Password is "tuts4you", even though there isn't any malicious code in these two .exe's.

Edit: It also adds taksman.exe to the Startup folder.

H4S_Advanced_Password_Retriever.rar
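
A read-only triage check for the indicators described in the post above (binaries carrying both the Hidden and System attributes in the Internet Explorer directory, and an executable placed in the Startup folder). This is an added example, not part of the original post; the function name `Get-FileTriage` and the list of extensions checked are assumptions.

```powershell
# Added example: lists candidates for review and changes nothing on disk.
$HiddenSystem = [IO.FileAttributes]::Hidden -bor [IO.FileAttributes]::System

# Hypothetical helper: collect the facts an analyst needs for one file.
function Get-FileTriage {
    param(
        [Parameter(Mandatory)][System.IO.FileInfo]$File,
        [Parameter(Mandatory)][string]$Reason
    )
    [pscustomobject]@{
        Reason     = $Reason
        Path       = $File.FullName
        Attributes = $File.Attributes
        CreatedUtc = $File.CreationTimeUtc
        Signature  = (Get-AuthenticodeSignature -LiteralPath $File.FullName).Status
        SHA256     = (Get-FileHash -LiteralPath $File.FullName -Algorithm SHA256).Hash
    }
}

# Internet Explorer directories (64-bit and 32-bit Program Files, if present).
$ieDirs = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { Join-Path $_ 'Internet Explorer' } |
    Where-Object { Test-Path -LiteralPath $_ } |
    Select-Object -Unique

# Per-user and all-users Startup folders.
$startupDirs = 'Startup', 'CommonStartup' |
    ForEach-Object { [Environment]::GetFolderPath($_) } |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$findings = @(
    foreach ($dir in $ieDirs) {
        # -Force is required, otherwise hidden and system files are not listed.
        Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -in '.exe', '.dll' -and
                           ($_.Attributes -band $HiddenSystem) -eq $HiddenSystem } |
            ForEach-Object { Get-FileTriage -File $_ -Reason 'Hidden+System binary in IE directory' }
    }
    foreach ($dir in $startupDirs) {
        # Startup normally holds shortcuts (.lnk); a bare executable deserves a look.
        Get-ChildItem -LiteralPath $dir -File -Force -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -eq '.exe' } |
            ForEach-Object { Get-FileTriage -File $_ -Reason 'Executable in Startup folder' }
    }
)

$findings | Sort-Object Reason, Path | Format-List
```

An empty result means neither condition matched on this host. Any hit should be judged by its signature status and hash before it is treated as malicious.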
